Force TLS on 587
Question asked by Tony Evers - 2/22/2017 at 8:45 PM
I've seen a thread related to this tonight,  and even bumped that thread tonight on this issue, but just in case I'm not completely understanding I'm posting this as a new thread in as concise a way as possible.

If users want to send via our smarter mail server using outlook, thunderbird, etc, and they want to be unencrypted - go ahead and use port 25 - see if I care.  I know 25 has to remain unencrypted in order for the world of email to function.  However if you are authenticating using 587, I want to force you to use and encrypted connection.  
Am I right that this is not possible at this time?  I'm doing some testing and it allows me to connect via 587 with an unecrypted connection, even though I have TLS turned on that port.

3 Replies

Reply to Thread
Tony Evers Replied
Are you cereal? There are zero replies to this...what am I missing - is it that dumb a question?
Employee Replied
Employee Post Marked As Answer
Hello Tony.  Even if TLS is enabled for ports 25/587, an unencrypted connection is still available. 
Douglas Foster Replied
Very late answer, but based on my understanding:
1) Configuring a port for "TLS" disables SSLv3 but uses STARTTLS, making encryption optional.  Configuring a port for "SSL" makes encryption mandatory but enables SSLv3.   Therefore, in the newest builds, mandatory encryption should be achievable by configuring the port for "SSL", then configuring the SmarterMail environment to use operating system settings, then configuring operating system SCHANNEL settings to disable SSLv3.  The difference in behavior between port SSL and port TLS is not well documented!

Reply to Thread